Category

Enforcement

04 June 2020

CCPA Enforcement Date Rapidly Approaching: California Attorney General Proposes Regulations for Final Review With July 1, 2020 Less Than One Month Away

On June 1, 2020, California’s Office of the Attorney General (“AG”) moved one step closer to finalizing the California Consumer Privacy Act (“CCPA”) regulations when the AG submitted proposed final regulations for review and approval by California’s Office of Administrative Law (“OAL”).  This submission signals the end of the AG’s CCPA regulation drafting process that began in early 2019.  If the OAL approves the proposed final regulations, they will be finalized and enforceable by the AG, subject to any legal challenges.

(more…)

EmailShare
21 May 2020

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

On May 18, 2020, the Financial Crimes Enforcement Network (FinCEN), as part of its COVID-19-related response, issued a Notice Related to the Coronavirus Disease 2019 (COVID-19) reminding financial institutions of certain Bank Secrecy Act (BSA) obligations and pertinent information regarding reporting COVID-19-related criminal and suspicious activity (the Notice). Contemporaneously, FinCEN issued an Advisory on Medical Scams Related to the Coronavirus Disease 2019 (COVID-19) (the Advisory).

In light of the Notice and Advisory, firms should (a) continue to comply with their BSA obligations; (b) include COVID-19 detail only when that detail relates to the reported suspicious activity; (c) review policies and procedures to notify and to provide COVID-19 information to government agencies, including verification of the requesting agency; (d) review the Advisory red flags related to medical scams; and (e) consider revising policies and procedures as appropriate.

COVID-19-related frauds are a special emphasis for law enforcement and regulatory agencies, so failing to detect and report those issues could be viewed as a significant flaw in a firm’s anti-money laundering (AML) program.

(more…)

EmailShare
12 May 2020

Privacy and Cybersecurity Roundtable: Monitor-Side Chat Series

These informal video chats, moderated by Sidley partner Alan Raul, are designed to help fill the COVID-19 induced privacy discussion drought. We look forward to hearing what is on the mind of key data protection and cybersecurity thought leaders from both public and private sectors. Each chat will be relatively brief, leaving some time to address participant questions via our virtual space. Please feel free to suggest any topics you would be interested to hear addressed by contacting dcevents@sidley.com.

(more…)

EmailShare
05 May 2020

HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Since COVID-19 was declared a pandemic, the U.S. Department of Health and Human Services (“HHS”) and its Office for Civil Rights (“OCR”) have taken a variety of steps to relax HIPAA restrictions particularly pertinent to the COVID-19 response.

First, as covered in an earlier posting, HHS took action to waive penalties and assure companies that it would exercise enforcement discretion with respect to the Privacy Rule’s application to telehealth services and certain limited communication activities related to COVID-19 treatment efforts. (more…)

EmailShare
04 May 2020

Stay At Home Orders May Have Killed California’s Ballot Initiative to Expand CCPA [**Update – But Californians for Consumer Privacy Say Maybe Not**]

UPDATE:  Soon after we published the post below, we learned that the sponsors of the California Privacy Rights Act (CPRA) – i.e., the ballot initiative that aimed to amend and significantly expand the California Consumer Privacy Act (CCPA) – intend to push forward with their attempt to get it on the ballot this year.  On May 4th, the initiative’s sponsors, the Californians for Consumer Privacy, announced on Twitter they were submitting to counties across the state.  Whether county election officials can verify the signatures in time to qualify for the November 2020 ballot remains to be seen.  While conventional wisdom is that the recommended April deadline is an important one to make, the approval process may be different this year due to the COVID-19 pandemic and how it might affect the availability of resources to approve initiatives.  We will continue to monitor this situation and provide updates on Data Matters as appropriate.    

The California Privacy Rights Act (CPRA), the ballot initiative that aimed to amend and significantly expand the California Consumer Privacy Act (CCPA), including by creating the California’s very own data protection authority, the nation’s first, appears to be dead–at least for this ballot season.

(more…)

EmailShare
10 April 2020

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

While the world seems to have ground to a halt in so many ways, time still marches on, and along with it, the California Consumer Privacy Act (“CCPA”) enforcement date (July 1, 2020) inches ever closer.   On March 11, 2020, the California Attorney General (“AG”) released the third turn of proposed California Consumer Privacy Act (“CCPA”) regulations.  The AG’s revisions make only moderate changes to the last round of regulations issued in February 2020.  Businesses will not need to dramatically change compliance plans as the proposed revised regulations seek to refine requirements in prior drafts rather than introduce any wholesale changes to the regulatory framework.  (more…)

EmailShare
30 March 2020

Chambers 2020 Global Practice Guides for Data Protection & Privacy and Cybersecurity Available

The updated 2020 Chambers Global Practice Guides for Data Protection & Privacy and Cybersecurity, edited by Alan Charles Raul, are available, covering important developments across the globe and bringing expert legal commentary for businesses.  Read the intros to each Guide here and here.

EmailShare
25 March 2020

European Data Protection Board Releases Statement on Personal Data and COVID-19

On 20 March 2020, the European Data Protection Board (“EDPB”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. This statement is an extension of the statement released by the EDPB chair on 16 March 2020, (which can be accessed here). In its latest statement, the EDPB emphasises that EU data protection law (in particular, the EU General Data Protection Regulation (“GDPR”)) does not stand in the way of measures adopted to fight against COVID-19 – if these measures are necessary, proportionate and consistent with safeguards required under EU Member State laws. The EDPB statement also provides useful guidance for organisations to consider when adopting measures to lawfully process personal data during this time.

Overall, while EDPB statement may provide some reassurance to organizations with respect to COVID-19 measures, organizations will be advised to consider guidance issued by specific EU Member State data protection authorities as well. In particular, specific EU Member State data protection authorities have begun issuing COVID-19 guidance that is, at least in certain respects divergent: while certain data protection authorities are adopting a more restrictive approach (for example, the French CNIL), others are more permissible (for example, the UK’s Information Commissioner’s Office).

(more…)

EmailShare
23 March 2020

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

On March 5, 2020, the Office of the Comptroller of the Currency (OCC) issued an updated set of answers to frequently asked questions (FAQs)1 regarding risk management in national bank relationships with third parties to further supplement its 2013 guidance, OCC Bulletin 2013-29 (the Bulletin),2 and its 2017 FAQs (Prior FAQs) on the topic.3 Twelve of the 27 FAQs are new and elaborate on a wide range of topics, including the broad intended scope of third-party risk management obligations, obligations of banks where negotiating power or access to information is limited, oversight of cloud computing providers and data aggregators and use of third parties in model development or delivery of alternative data for credit underwriting.

(more…)

EmailShare
18 March 2020

HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

This week the U.S. Department of Health and Human Services (HHS) took action to waive penalties and refrain from enforcing certain federal health information privacy restrictions under the Health Insurance Portability and Accountability Act (HIPAA) in response to COVID-19.

(more…)

EmailShare
1 2 3 25
XSLT Plugin by BMI Calculator